
sinisake

Members
  • Posts

    63
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Male
  • Location
    Serbia,

sinisake's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. Ok, thanks, using custom vars should be the solution...
  2. Anyone? ??? I hope that someone who has had a similar type of site/payment option has some advice...
  3. Hi, I need help with PHP/PayPal integration (it is the first time that I have tried to do this). This site is in question: http://www.dominican-rep.com/dating/ (you can test the shopping cart feature if you want). My idea is this: 1) the user clicks on the "pay now" or "checkout" button when he has chosen girls 2) besides some kind of user ID, I should send the total amount and the girls' IDs (codes) to PayPal 3) after the transaction, PayPal should return the user ID, some kind of payment verification, and the girls' IDs too, because... 4) in this step, if all is OK, if payment is done and the transaction is confirmed, the script should generate a page which will display the chosen (paid) girls' contact details to the user. I have started by reading the PayPal documentation and, as I can see, the PayPal shopping cart is not the best solution (since there are no individual item prices, only a "package" price exists)... Also, I am not sure whether I can use an individual item "buy now" button (because of all the info I should send and receive)... Thanks in advance!
  4. Thanks people, but my biggest concern here isn't the fact that votes/ratings can be fake. I know that there is no possibility of getting real user identification and preventing malicious users from doing their job without registration (but, as I said, there is no registration/login, everyone can vote). I am concerned about possible overloading of the script/server(s) with some of the mentioned ways of storing/retrieving data... @MattDunbar, yes, even I am not using a static IP, and also, proxies are here, so... Your suggested way is actually the 3rd way I described. My biggest concern here is the number of rows which could (possibly) be created, and how many a MySQL DB can stand. Performance of the scripts, if the number of users/raters dramatically increases?
  5. Hi, my question is more about DB/script optimization, because the script could (possibly!) work with a big number of users/votes/ratings... My client said that cookies will be fine. (I know that other ways - sessions and IP tracking - have their disadvantages too...) To be more clear, everyone can vote, there is no registration/login... And now I would like your suggestions about implementing multiple-voting prevention... What would you do? I have several solutions/suggestions: 1) all data stored in a cookie (unique id and ids of pictures which have been rated; the script should pull the picture ids from the cookie) 2) cookie+DB - 1st way: all ratings/votes from the same user in one field/one row! TABLE STRUCTURE: id,unique_id,picture_ids (separated by commas), for example: 1, 1uu2145u55, 1,2,4,5,6 This way is good when there are not too many votes, but you can imagine what will happen as the number increases... (I am using the explode() function to get the rated images' ids) 3) cookie+DB - 2nd way: EVERY RATING - ONE ROW IN DB, same DB structure, but: id,unique_id,picture_ids (separated by commas), for example: 1, 1uu2145u55, 1 1, 1uu2145u55, 2 1, 1uu2145u55, 3 Sorry for my English, I hope that you understand what I tried to say. So, what would you suggest? Is there any other (better) way? Thanks in advance!
  6. session_start() must be on the TOP of the code, before ANY other output.
  7. Ok, thank you... and about 'real email': well, I can put data in the session and save it, but I hope that users will type their emails properly
  8. Hi again source, http://www.sinisa.milicevici.com/real_estate/ I made some mistakes. Here is the site again.
  9. Ok, let's try again... I hope that now just the Session Fixation problem is left (I am not familiar with this problem, I must read some things about it...) Of course, I know, you will find something more...
  10. Ok @agentsteal, I will remove error reporting for image functions, but how to fix this []... Thank you again very much!
  11. Uuuh... ok, one thing isn't clear to me: 1) how was the XSS successful? I had the feeling that all fields are protected. ??? Also, those things about cookie rewriting... I think that I removed most of the security holes (I thought so the first time too, lol)
  12. Yes... I don't have enough time now... I will ask for a re-test probably tomorrow. Thanks for all, guys!